nicolaskruchten commented 6 years ago

We should have a better/safer way of storing data on the client than CSS-invisible html.Div components, for sensitive data that not all users should see/have access to. I propose a new dcc.Store component which wouldn't render in the DOM and which would transparently encrypt/decrypt its data-* props on the server.

254 was a first cut at implementing this in `dash.py` and some design discussion is available there. It seems like the way forward here is to make the base component class extensible with server-side `transform`/`inverse_transform` extension points.

@chriddyp is there an existing issue that captures other needs/thoughts around the base component extension idea?

valentijnnieman commented 5 years ago

@nicolaskruchten Can this be closed now that dash-core-components has a new Store component?

nicolaskruchten commented 5 years ago

No, because the data stored there is still unencrypted :)

supernyv commented 2 months ago

Hi guys,

Nice to see this discussion. This is exactly what I am looking for, a dcc.Store that has the capability to encrypt and decrypt its data, and it will probably help a lot of developers

gvwilson commented 1 month ago

@AnnMarieW will dcc.Store do encryption these days?

AnnMarieW commented 1 month ago

No, this feature is still not available, but I could see how it could be useful.

BSd3v commented 1 month ago

Gonna pop in here, encryption is a good thought, but what has to do the decrypting?

if the clientside is doing the decryption, then you could capture the process of decryption by viewing the code
if the server, then there is the encrypted version that would be in the store and then the other side that would take the data, process and send it back for whatever it is used for.
if we are doing it server side, then what is the point of even sending the data to the client in its raw form? Wouldnt something like serverSide output work from dash-extensions?

A couple of notes:

if a dcc.Store is stored in memory, you cant view it unless you access the React props, but getting to this nested Store would be a bit of a chore, although possible.
it is possible for a developer to encrypt / decrypt in their own flows on the server side as well while using a dcc.Store, which means that the developer would be responsible for maintaining the secureness of their keys for the process

plotly / dash

dcc.Store and encrypted props #262

254 was a first cut at implementing this in `dash.py` and some design discussion is available there. It seems like the way forward here is to make the base component class extensible with server-side `transform`/`inverse_transform` extension points.

plotly / dash

dcc.Store and encrypted props #262

254 was a first cut at implementing this in dash.py and some design discussion is available there. It seems like the way forward here is to make the base component class extensible with server-side transform/inverse_transform extension points.

254 was a first cut at implementing this in `dash.py` and some design discussion is available there. It seems like the way forward here is to make the base component class extensible with server-side `transform`/`inverse_transform` extension points.